2022 StaticSpeed Vulnerability Report Template

StaticSpeed systems are being evaluated for integration into NuttyUtility's network. A vulnerability assessment was performed on both Windows and Ubuntu systems using CIS benchmarks, vulnerability scans with Nmap/NSE scripts, and by investigating access management settings. Several vulnerabilities and risks were identified, including outdated software, unneeded services running, permissive network shares, and lack of network segmentation. The report recommends disabling unnecessary ports and services, properly configuring network shares, applying missing security updates and patches, and implementing network segmentation to isolate these systems before integration.

Uploaded by

planeta zesk

StaticSpeed Vulnerability Report

As you start your final project, you are expected to perform the following tasks on BOTH
Windows and Linux systems. We need to decide whether StaticSpeed's systems should be integrated
into NuttyUtility's extended network and infrastructure. In the end, your report must support
your recommendation. This document is the template that NuttyUtility uses for similar system
reviews. Some specific information is provided in certain places after initial talks with
NuttyUtility. Please follow the format of this template and answer all questions for each
section. You will need to provide either the text output from the command line and/or
screenshots as evidence in all sections of this template to show that you have completed
the required steps of our company's template and to make it easier for stakeholders to see
where there might be issues.

Your report must include the findings of your CIS Benchmark and security control checks
along with the results of the OpenVAS and Nmap scans. As a security professional, you are expected
to relay your findings in industry language (i.e., CVE-xxxx-xxxx, MITRE
Technique ID Txxx where applicable). Based on NuttyUtility's security policies, are these
systems ready? Your report will be used by stakeholders to decide on the integration.

The best way to find these vulnerabilities is to perform vulnerability scans using the Nmap
NSE vuln scripts, as shown in the course's Nmap lesson, and to use the CIS benchmarks requested
in the project.

Control checks and CIS benchmarks for Windows & Ubuntu


In this section, outline your answers from the requested checks. Please provide either the
command-line outputs in the form of text or screenshots that show a CIS check and/or
control check has been performed. You must also answer the questions based on your
assessments.
Step 1: Asset identification, address update, dependencies,
patches, and native protections at targeted Server/ Desktop
Operating Systems
Task 1
As seen in your lessons, you must have the CIS Benchmarks for Ubuntu 18.04 v2.01 and Windows
10 Ent v1.9.0 to perform these checks. Use the MITRE website for the database of common
vulnerabilities and exposures (CVE), https://cve.mitre.org, and the MITRE ATT&CK framework
(attack.mitre.org) for referencing attack techniques, tools, and procedures.

You must download the CIS Benchmark PDFs for Ubuntu 18.04 v2.01 and Windows 10 Ent
v1.9.0. These PDFs contain all the information related to the CIS Benchmarks
requested in the following tasks, which need to be included in your final report. To
perform the vulnerability scans via Nmap NSE scripts as shown in Lesson 6 "Use Nmap for
Vulnerability Discovery", please review the lesson if needed and use, as suggested in the
lesson, the NSE scripts from the Vulscan and Vulners GitHub repositories. Using these NSE scripts
should be enough to discover the vulnerabilities present in your virtual machines (both the
Ubuntu and Windows machines). Both machines have vulnerable services and applications, and
a vulnerability may also be a deprecated, outdated or exposed service. It is also
suggested to use the highest privilege (root/administrator), when applicable, to perform an
audit: there might be applications that are not found by a network scan yet are present on the machines and
are also reportable (please review Lesson 2 "Software Inventory and Version Tracking").

Once you discover the vulnerabilities, please refer to MITRE's cve.mitre.org for vulnerability
classification and remediation, and to the MITRE ATT&CK framework at attack.mitre.org (Lesson 2,
"Identify Industry Frameworks for Vulnerability Reference Pt 1") for items such as
technique IDs, tools, and procedures. Once you have all this information, you will need to
complete the report template. Your report must also include the CIS Benchmarks requested
in the next tasks; please see the template examples for the report format.
Task 2
Let's get started on our assessment. We need to find out if the software update and third-party
package settings are correct. Verify the following checks on both of your hosts.
Are software updates for the systems and third parties configured correctly on these
systems?
What is your assessment of StaticSpeed's system configuration for software updates and
third-party packages? Please provide evidence to support your evaluation (command-line
output or screenshots for each as well).

Windows CIS 18.9.102.2

- The 'Configure Automatic Updates' setting here is disabled and it needs to be enabled.


Ubuntu CIS 1.2.1

The machine has some update packages that are not installed yet!
Task 3- Native Protections and Software Inventory
Next, verify that the native protections of the operating systems are enough to protect the systems
from exploitation. (Hint: think upgrades.) We also need to know exactly what software is
running on every machine, so please perform a software inventory on each computer and
post your findings. The more you know about the systems you are defending, the better
chance you have of mitigating and hardening them.
Windows CIS 18.3.4
Ensure 'Enable Structured Exception Handling Overwrite Protection (SEHOP)' is set to
'Enabled.'

Figure 1 Windows CIS 18.3.4

Is this system compliant?


This Group Policy setting does not exist by default on this machine; it needs to be added by following this
guide:

"This Group Policy path does not exist by default. An additional Group Policy template
(SecGuide.admx/adml) is required - it is available from Microsoft at this link. More information is
available at MSKB 956607: How to enable Structured Exception Handling Overwrite Protection
(SEHOP) in Windows operating systems"
Provide documentation as to what applications are installed on the Windows machine.
Is VNC viewer installed in this Windows System?
Please provide proof of the checks via command output or screenshots. According to these
checks, are native protections applied to these systems? What packages are installed on this
Ubuntu machine?
Is TightVNC installed on this Ubuntu machine?

Do these applications, both for Windows and Ubuntu, bring added risks to these systems?
Please provide proof and reasoning for your answer.

Windows
- Run the following command to list all the applications installed on the
machine:
wmic product get name, version
- The results show that VNC Viewer is installed on the system.

Figure 2 List of the Windows applications

- This version of VNC is vulnerable, so it is recommended to update VNC.


Ubuntu
- Run the following command to list all the applications installed on the
machine:
apt list --installed
- The results show that VNC Viewer is installed on the system.

Figure 4 Ubuntu - VNC application

Figure 3 All the applications on the Ubuntu machine


- This version of VNC is vulnerable, so it is recommended to update VNC or
remove the VNC application.

Ubuntu CIS 1.6.1, 1.6.2


1.6.1 Ensure XD/NX support is enabled

Figure 5 CIS 1.6.1

- The Ubuntu machine implements this policy.

1.6.2 Ensure address space layout randomization (ASLR) is enabled

Figure 6 CIS 1.6.2


Remediation for CIS 1.6.2:
Set the following parameter in /etc/sysctl.conf or a /etc/sysctl.d/* file:
kernel.randomize_va_space = 2

Task 4

Perform a network asset inventory using Nmap to identify VMs with open ports on both
Windows and Linux

What is your assessment of the asset inventory, and what recommendations do you have to
mitigate any potential issues? Please provide evidence to support your findings.

Windows Nmap Scan:

Figure 7 Windows Nmap Scan for open ports


Ubuntu Nmap Scan:

Figure 8 Ubuntu Nmap Scan for open ports

- Always disable all the unused ports


Step 2: Assess Access Management at Targeted Assets

Task 1
Check for current settings on Network Segmentation, VLANs, Domain Isolation, or IP Security
Policies.

After completing your checks, what is your assessment of these settings? What
recommendations do you have to improve the settings? Remember to provide evidence to
back up your thoughts. Things to consider on both Ubuntu and Windows:
● Are there any VLANs?

Figure 9 Windows VLANs


Figure 10 Ubuntu VLAN
● Are there any policies in place?
● If there are any, are they applied?
- The policy is available but not applied

Figure 11 Policy for Windows

● Is anonymous access granted to any share? Yes, anonymous users can access the share on
both machines, Windows and Ubuntu.

VLAN hints:
Ubuntu: look under /etc/network/interfaces
Windows: look under the properties of the network adapter, or use the cmdlet
Get-NetAdapter | Format-List *, and secpol.msc (please provide screenshots)
Figure 12 Windows Shares

- If it is enabled, anyone on the same network can access the shares.
It should be turned off.

Figure 13 Ubuntu shares


- This configuration means that anyone with access to the same network as the Ubuntu
machine can access this share.
- The guest value should be changed to no.

Task 2
Investigate and assess the remote access services and protocols in place for StaticSpeed and
determine their security level. After completing your investigation, include your
assessment of how StaticSpeed is doing with remote access. Please have evidence to support
your findings. Remember to consider IPv4 and IPv6. Also, include which remote service
protocols are running on these systems (both Ubuntu and Windows). What would you
recommend to improve this system? Are there protocols that should not be
enabled? Are there networking features that should be disabled or hardened?

Windows
Recommendations:
- Guest users must not be in the Remote Desktop Users group; they should be
removed.
- There should be a user policy to restrict remote access.
- RDP should be disabled if there is no need for it.
- Disable IPv6 connectivity.
Ubuntu
- Based on the Nmap scan, port 22 is open.
Recommendations:
- Establish a user policy for remote access.
- Monitor remote access ports.
- Disable IPv6 connectivity.
- Use strong encryption for connections.
- Guest users are allowed to access the data folder; they should be
prevented from doing so.

Task 3
NuttyUtility only needs remote access ports for administrators on workstations. What is your
assessment of the firewalls on StaticSpeed's systems? Please include evidence to support
your thoughts. We need to know whether the firewalls are configured correctly.
Also, what ports would you suggest having open and running, and why?

Windows
Ubuntu
- The firewall should be enabled on both machines.

Task 4
Next, conduct a Principle of Least Privilege assessment of StaticSpeed's systems. We need to
know:
● Which users have high privileges?
● Do important PII folders have the correct permissions and ownership?
● Are the default settings correct, and are there any excessive permissions?
● On our initial scan, we found "data" shared folders that need further investigation.
● Are there "guest" accounts enabled? Are they allowed to use sudo commands? Are
they allowed to log in to ALL workstations?

Based on your findings, what should be done to secure these accounts and permissions
better? Please provide proof of your results and provide reasoning for your answer.

Windows
- The student user has high privileges; the student user must be removed from the admin group.
- Everyone has access to an important file; access here should be restricted.

- The Guest account is enabled.


Ubuntu

- ustudent can run all commands as root.

Are the default settings correct, and are there any excessive permissions?
- No, ustudent has high privileges.
- Everyone has access to this folder, including the guest account.

How to secure?
- Guest accounts should be disabled on both machines.
Step 3: Log Monitoring Setup for Detection at Targeted Assets

StaticSpeed has provided access to a monitoring device that has recorded some traffic
marked as malicious. Please investigate and assess this further using Wireshark or tcpdump
and the provided capture files (pcaps). It is also required of you to verify that appropriate
logging is in place at your machines.
Complete your assessment of this traffic. Then, add your suggestions on any issues and
improvements by following the steps below. Remember to provide evidence to support your
work and recommendations.

Task 1
In this audit, use the pcaps named bruteforce2.pcap and lateralmovement.pcap, along with
the other pcaps that may provide more insight into StaticSpeed's network. We recommend
focusing on bruteforce2.pcap.

The snapshot below shows the list of pcap files present on both machines.
Use the pcap file to assess and determine the following:
● What type of attack was recorded? Brute force
● What is the source IP of the attack? 10.0.2.5
● What protocol was targeted? telnet
● What password was used successfully? 12345
● Which user was compromised? john

Based on your findings from above, what is your assessment of what happened? Please
provide evidence to back up your results.

The Wireshark display filter used:
- ip.addr == 10.0.2.5 && ip.addr == 10.0.2.7 && telnet
Task 2
We suspect that an internal user may have compromised another machine inside
StaticSpeed's network and pivoted to one of the devices you are auditing. Please use
lateralmovement.pcap and determine the following:

Please provide a narrative of what happened based on your findings. Justify your report
based on the answers.

● What was the source IP of the "initial" attack? 10.0.2.7


● Did the attacker try to access your machine from a compromised device (MITRE
ATT&CK Technique T1021)? Yes
● What service and port were targeted? SMB 445
● Was the attacker able to access a sensitive file on the machine you are auditing
(MITRE ATT&CK Technique T1570)? Yes, the payroll file
Task 3
Look at logs on the StaticSpeed Windows machine.
Using the logs, determine the following:
● Are there any issues with Windows Share? Please provide screenshots of your
findings.
● Look at the audit logs setup at your Linux machine and find the audit.log file. What
was the name of the attacker’s account? Please provide screenshots.

Based on what you found above, provide your assessment on whether these events are
enough to start an investigation. Please explain your answer based on what you saw in the
logs.
- Yes, it's enough to start an investigation.

Windows

- Everyone is allowed to access the shared data.


Ubuntu

- Attacker name: guest


Task 4
NuttyUtility has a centralized log infrastructure using a SIEM product. You need to verify the
machines you are checking from StaticSpeed have the settings enabled to use this.

Analyze StaticSpeed's systems and determine if these machines are currently shipping logs
to a centralized location and are set up correctly for our SIEM.

Hint: Perform Ubuntu CIS 4.2.1.3 and verify whether remote syslog is configured for sending logs.
In Windows, verify in the Event Viewer whether there are any remote subscriptions related to
Windows Event Forwarding.

Based on your answers, suggest a course of action to ensure StaticSpeed meets our needs
to use a SIEM.

Figure 14 Event Forwarding

- It should be enabled
Figure 15 Event Viewer 2

Figure 16 SIEM and Ubuntu

- The forwarding line should be uncommented to send the logs from the Ubuntu machine to the SIEM.
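The CIS 4.2.1.3 check above comes down to whether rsyslog has an active (not commented-out) remote forwarding rule. The script below is an added example, not part of the report: it finds legacy `@host`/`@@host` rules and RainerScript `omfwd` actions in rsyslog configuration text, reports whether forwarding is active, and shows the corrected file once the commented line is enabled. The configuration and the collector name are constructed.

```python
"""Check whether rsyslog forwards logs to a remote collector (CIS 4.2.1.3).
Added example, not part of the report; the configuration below is constructed."""
import re

# Legacy rule: "<selector> @host[:port]" (UDP) or "@@host[:port]" (TCP), optionally
# with options such as "@@(o)host". The selector must contain a dot ("*.*",
# "auth,authpriv.*") so that prose inside comments is not mistaken for a rule.
LEGACY_FWD = re.compile(
    r"^(?P<selector>\S*\.\S*)\s+(?P<proto>@@?)(?:\([^)]*\))?"
    r"(?P<target>[^\s:;]+)(?::(?P<port>\d+))?")
# RainerScript rule: action(type="omfwd" target="host" port="514" protocol="tcp")
OMFWD = re.compile(r'action\(.*type="omfwd"', re.IGNORECASE)
ATTR = re.compile(r'(\w+)="([^"]*)"')


def find_forwarding_rules(text):
    """Return every forwarding rule, active or commented out, with its line number."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        commented = stripped.startswith("#")
        body = stripped.lstrip("#").strip()
        rule = None
        m = LEGACY_FWD.match(body)
        if m:
            rule = {"target": m.group("target"), "port": int(m.group("port") or 514),
                    "protocol": "tcp" if m.group("proto") == "@@" else "udp"}
        elif OMFWD.search(body):
            attrs = {k.lower(): v for k, v in ATTR.findall(body)}
            rule = {"target": attrs.get("target", "?"), "port": int(attrs.get("port", 514)),
                    "protocol": attrs.get("protocol", "udp").lower()}
        if rule:
            rule.update(line=lineno, commented=commented)
            rules.append(rule)
    return rules


def audit_remote_logging(text):
    """Return {'status': 'pass'|'fail', 'notes': [...]} for the CIS 4.2.1.3 check."""
    rules = find_forwarding_rules(text)
    active = [r for r in rules if not r["commented"]]
    if active:
        notes = [f"forwarding to {r['target']}:{r['port']} over {r['protocol']}" for r in active]
        if any(r["protocol"] == "udp" for r in active):
            notes.append("udp forwarding can lose messages; prefer @@ (tcp)")
        return {"status": "pass", "notes": notes}
    notes = [f"line {r['line']} forwards to {r['target']} but is commented out" for r in rules]
    return {"status": "fail", "notes": notes or ["no remote forwarding rule found"]}


def enable_forwarding(text, target, port=514):
    """Uncomment the existing rule for `target`, or append a TCP rule for it."""
    lines = text.splitlines()
    for rule in find_forwarding_rules(text):
        if rule["commented"] and rule["target"] == target:
            idx = rule["line"] - 1
            lines[idx] = lines[idx].strip().lstrip("#").strip()
            break
    else:
        lines.append(f"*.* @@{target}:{port}")
    return "\n".join(lines) + "\n"


SAMPLE_RSYSLOG_CONF = """\
# constructed sample /etc/rsyslog.d/50-default.conf for this example, not the StaticSpeed file
auth,authpriv.*                 /var/log/auth.log
*.*;auth,authpriv.none          -/var/log/syslog
kern.*                          -/var/log/kern.log
# Forward everything to the SIEM collector (left commented out)
#*.* @@siem.example.internal:514
"""

if __name__ == "__main__":
    print("before:", audit_remote_logging(SAMPLE_RSYSLOG_CONF))
    fixed = enable_forwarding(SAMPLE_RSYSLOG_CONF, "siem.example.internal")
    print("after: ", audit_remote_logging(fixed))
```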
Step 4: Assess Authentication Management at Targeted Assets

Task 1
Evaluate the authentication management situation of StaticSpeed's systems. In our initial
look at StaticSpeed, we discovered what is called a "flat" network. This means there are
neither Active Directory servers nor OpenLDAP servers for Linux. We need these to provide us
with tools to administer the network and enforce access control models, specifically when
it comes to separate departments, supervisors, end users, administrators, contractors,
visitors, etc.

We also suspect that anyone who accesses this network can pretty much access
everything. Determine whether the current authentication scheme at StaticSpeed is unacceptable.
Make sure to include the following:
● Ensure only administrators can remotely access Windows machines, and verify whether root
access is permitted on the Linux host.
● Check for users with excessive permissions.
● Is root remote login allowed?
● Are there users that should not have remote access via SSH on Linux?
● Remote Desktop access should only be granted to administrators on Windows; are
there other accounts that should not be given access?

Knowing that your company only wants administrators to log in remotely, provide a summary
of the current situation for StaticSpeed. Then, suggest which accounts should be allowed to
log in remotely and why. Include your recommendations on whether StaticSpeed's
authentication is acceptable and how you would improve it if it is not. Don't forget to include
evidence to back up your recommendations.

Recommendation for both machines:


- Allow only admins to use RDP
- The guest accounts should be disabled
- SSH and Telnet should both be disabled
- Enforce strong passwords
- Implement MFA
Figure 17 Guest user present in the remote users group

Figure 18 student user present in the admin group


- Root login is not permitted

- The ustudent user has excessive permissions


Task 2
NuttyUtility follows CIS Benchmarks. Therefore, we need to audit the password policies of
StaticSpeed to see if they comply.
Audit StaticSpeed's systems to verify that they comply with CIS 5.3.1 for Ubuntu and CIS
benchmark 1.1.5 for Windows 10. Please provide screenshots of the current settings on both systems.

After you perform the checks, please provide an overview of your findings with the specific
settings that should be in place and any other changes that should be made. Remember to
justify your answer.
Ubuntu

The policy is not implemented: the minimum length here is 8 and the setting is commented out.
Recommendations:
Password Length:
• minlen = 14 - password must be 14 characters or more
Password complexity:
• minclass = 4 - The minimum number of required classes of characters for the new password
(digits, uppercase, lowercase, others)
OR
• dcredit = -1 - provide at least one digit
• ucredit = -1 - provide at least one uppercase character
• ocredit = -1 - provide at least one special character
• lcredit = -1 - provide at least one lowercase character
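The pam_pwquality recommendation above can be verified mechanically. The script below is an added example, not part of the report: it parses pwquality.conf text (treating commented keys as the Ubuntu 18.04 defaults, which is the state found above), audits it against the minlen 14 plus minclass 4 or four negative credits policy, and applies the parsed policy to candidate passwords. Both configuration samples are constructed.

```python
"""Audit pwquality.conf against the recommended password policy and apply it to
candidate passwords. Added example, not part of the report; both configuration
samples below are constructed."""

# Ubuntu 18.04 pam_pwquality defaults, used when a key is absent or commented out
DEFAULTS = {"minlen": 8, "minclass": 0,
            "dcredit": 0, "ucredit": 0, "lcredit": 0, "ocredit": 0}
CREDIT_CLASSES = {
    "dcredit": str.isdigit,
    "ucredit": str.isupper,
    "lcredit": str.islower,
    "ocredit": lambda c: not c.isalnum(),
}


def parse_pwquality(text):
    """Parse pwquality.conf text; commented keys keep their defaults, which is
    exactly the 'minlen is 8 and it is commented out' state found above."""
    settings = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in settings:
            settings[key] = int(value)
    return settings


def audit_pwquality(settings):
    """Return the policy violations: minlen must be 14 or more, and either
    minclass = 4 or all four credits must be -1."""
    failures = []
    if settings["minlen"] < 14:
        failures.append(f"minlen = {settings['minlen']} (14 or more required)")
    all_credits = all(settings[k] == -1 for k in CREDIT_CLASSES)
    if settings["minclass"] < 4 and not all_credits:
        failures.append("neither minclass = 4 nor dcredit/ucredit/lcredit/ocredit = -1")
    return failures


def check_password(password, settings):
    """Apply the parsed policy to a candidate password, following pam_pwquality's
    rules for minlen, minclass and negative credits (a credit of -N requires at
    least N characters of that class). Positive credits, which let character
    classes count toward minlen, are not modelled here."""
    problems = []
    if len(password) < settings["minlen"]:
        problems.append(f"shorter than minlen = {settings['minlen']}")
    present = sum(1 for test in CREDIT_CLASSES.values() if any(test(c) for c in password))
    if present < settings["minclass"]:
        problems.append(f"{present} character classes, minclass = {settings['minclass']} required")
    for key, test in CREDIT_CLASSES.items():
        credit = settings[key]
        if credit < 0 and sum(1 for c in password if test(c)) < -credit:
            problems.append(f"{key} = {credit}: needs at least {-credit} such character(s)")
    return problems


CURRENT_CONF = """\
# constructed sample of a stock pwquality.conf for this example, not the StaticSpeed file
# Minimum acceptable size for the new password
# minlen = 8
# minclass = 0
"""

HARDENED_CONF = """\
# constructed sample with the recommendation above applied
minlen = 14
dcredit = -1
ucredit = -1
ocredit = -1
lcredit = -1
"""

if __name__ == "__main__":
    print("current: ", audit_pwquality(parse_pwquality(CURRENT_CONF)))
    print("hardened:", audit_pwquality(parse_pwquality(HARDENED_CONF)))
    # the password recovered from bruteforce2.pcap, tested against the hardened policy
    print("12345:", check_password("12345", parse_pwquality(HARDENED_CONF)))
```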

Windows

- The 'Password must meet complexity requirements' setting is disabled and it should be
enabled.
Task 3
NuttyUtility enforces a strong encryption cipher policy (FIPS 140-2). Verify that your target assets
comply with this policy. Are these systems compliant? Please provide proof of
the checks and give specifics on what to do next to get these systems compliant.

Windows
Ubuntu

- FIPS mode is disabled on both machines.

Task 4
Conduct aggressive testing for password strength. Use an Nmap NSE script to test how easy
it would be to access StaticSpeed's FTP server and SMB shares if an attacker probed them.
We have already requested and obtained permission to perform these audits.
Please use an NSE script to test MITRE ATT&CK T1110 on your Ubuntu virtual machine. Also,
use an NSE script to test the security mode of your SMB shares on your Windows virtual
machine. What are your findings? Please provide screenshots. Remember to give an
explanation of the security state of these services based on your results.
Figure 19 Ubuntu scan for FTP

Figure 20 Windows scan for smb

- Use a different version of SMB, or disable it if there is no share.


Step 5: Final Report

After performing the project's tasks, you must produce a report that will include an overview
of your findings using the best practices industry format. You are expected to include ALL
high, medium, low vulnerabilities, and informational findings (Things that are not necessarily
scored but are relevant). Make sure to use and include the scanner switches and vulnerability
scripts as they may provide conclusions that are not found in the default scanner settings.

The format expected for both virtual machine results is below. Please divide by operating
system:
- Linux Ubuntu 18.04
- Windows 10

Windows 10 ENT
- These results are based on the OpenVAS scanner

Example:
Host          High  Medium  Low  Log
172.20.10.2   33    5       2    0

IP Address: 172.20.10.2

Service  Port     Severity
SMB      445 TCP  High
MSRPC    135 TCP  Medium
ICMP     TCP      Low

Expected detail format for vulnerabilities found


High

1- CVE-1999-0503

Issue
A number of known default credentials are tried for the login via the SMB protocol.

Impact
It was possible to login with the following credentials via the SMB protocol to the 'IPC$'
share. <User>:<Password>

superuser:1234

Mitigation
Change the password as soon as possible.

Reference

https://172.20.10.10/cve/CVE-1999-0503

2 - CVE-1999-0636

Issue
The remote host is running a 'discard' service. This service typically sets up a listening socket and will
ignore all the data which it receives. This service is unused these days, so it is advised that you
disable it.

Impact
The discard service was detected on the target host.

Mitigation
- Under Unix systems, comment out the 'discard' line in /etc/inetd.conf and restart the inetd process.
- Under Windows systems, set the following registry key to 0:
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpDiscard
Then launch cmd.exe and type the following to restart the service:
net stop simptcp
net start simptcp

Reference

https://172.20.10.10/cve/CVE-1999-0636
3- CVE-1999-0506
Issue
A number of known default credentials are tried for the login via the SMB protocol.

Impact
It was possible to login with the following credentials via the SMB protocol to the 'IPC$' share.
<User>:<Password>

work:1234

Mitigation
Change the password as soon as possible.

Reference
https://192.168.8.198/cve/CVE-1999-0506

4 - CVE-1999-0505

Issue
A number of known default credentials are tried for the login via the SMB protocol.

Impact
It was possible to login with the following credentials via the SMB protocol to the 'IPC$' share.
<User>:<Password>

operator:1234

Mitigation
Change the password as soon as possible.

Reference
https://192.168.8.198/cve/CVE-1999-0505

5 - CVE-2000-0222

Issue
A number of known default credentials are tried for the login via the SMB protocol.

Impact
It was possible to login with the following credentials via the SMB protocol to the 'IPC$'
share. <User>:<Password>

ftpuser:1234

Mitigation
Change the password as soon as possible.

Reference
https://172.20.10.10/cve/CVE-2000-0222

Medium

1- CVE-1999-0635

Issue
An echo Service is running at this Host via TCP and/or UDP.

Impact
Vulnerability was detected according to the Detection Method.

Mitigation
Disable the echo Service.

Reference

https://192.168.8.198/cve/CVE-1999-0635

2 - CVE-1999-0103

Issue
The remote host is running a 'chargen' service.

Impact
Vulnerability was detected according to the Detection Method.

Mitigation
- Under Unix systems, comment out the 'chargen' line in /etc/inetd.conf and restart the inetd process.
- Under Windows systems, set the following registry keys to 0:
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpChargen
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpChargen
Then launch cmd.exe and type the following to restart the service:
net stop simptcp
net start simptcp

Reference

https://192.168.8.198/cve/CVE-1999-0103

3 - CVE-2015-0204
Issue
It was possible to detect the usage of the deprecated TLSv1.0 and/or TLSv1.1 protocol on this system.

Impact
In addition to TLSv1.2+ the service is also providing the deprecated TLSv1.0 and TLSv1.1
protocols and supports one or more ciphers. Those supported ciphers can be found in the
'SSL/TLS: Report Supported Cipher Suites' (OID: 1.3.6.1.4.1.25623.1.0.802067) VT.

Mitigation
It is recommended to disable the deprecated TLSv1.0 and/or TLSv1.1 protocols in favor of the
TLSv1.2+ protocols. Please see the references for more information.

Reference
https://172.20.10.10/cve/CVE-2015-0204

4- CVE-2011-3389

Issue
It was possible to detect the usage of the deprecated TLSv1.0 and/or TLSv1.1 protocol on
this system.

Impact
In addition to TLSv1.2+ the service is also providing the deprecated TLSv1.0 and TLSv1.1
protocols and supports one or more ciphers. Those supported ciphers can be found in the
'SSL/TLS: Report Supported Cipher Suites' (OID: 1.3.6.1.4.1.25623.1.0.802067) VT.

Mitigation
It is recommended to disable the deprecated TLSv1.0 and/or TLSv1.1 protocols in favor of the
TLSv1.2+ protocols. Please see the references for more information.

Reference
https://172.20.10.10/cve/CVE-2011-3389

Low
1- CVE-1999-0524

Issue
The remote host responded to an ICMP timestamp request.

Impact
Vulnerability was detected according to the Detection Method.

Mitigation
Various mitigations are possible:

- Disable the support for ICMP timestamp on the remote host completely.

- Protect the remote host by a firewall, and block ICMP packets passing through the firewall
in either direction (either completely or only for untrusted networks).

Reference
https://172.20.10.10/cve/CVE-1999-0524
Ubuntu 18.04

Example:
Host           High  Medium  Low  Log
172.20.10.14   36    40      4    0

IP Address: 172.20.10.14

Service  Port     Severity
SSH      22 TCP   High
HTTP     80 TCP   Medium
SMB      445 TCP  Low

Expected detail format for vulnerabilities found

High

1- CVE-2020-1472

Issue
Samba is prone to an unauthenticated domain takeover vulnerability via netlogon
(ZeroLogon).

Impact
Installed version: 4.7.6
Fixed version: 4.10.18
Installation path / port: 445/tcp

Mitigation
Update to version 4.10.18, 4.11.13, 4.12.7 or later.

Reference
https://172.20.10.10/cve/CVE-2020-1472
2- CVE-2021-34798

Issue
Apache HTTP Server is prone to multiple vulnerabilities.
Impact
Installed version: 2.4.29
Fixed version: 2.4.49
Installation path / port: 80/tcp

Mitigation
Update to version 2.4.49 or later.

Reference
https://172.20.10.10/cve/CVE-2021-34798

3- CVE-2022-31813

Issue
Apache HTTP Server is prone to multiple vulnerabilities.

Impact
Installed version: 2.4.29
Fixed version: 2.4.54
Installation path / port: 80/tcp

Mitigation
Update to version 2.4.54 or later.

Reference
https://172.20.10.10/cve/CVE-2022-31813

4- CVE-2022-0336
Issue
Samba is prone to an impersonation vulnerability.

Impact
Installed version: 4.7.6
Fixed version: 4.13.17
Installation path / port: 445/tcp

Mitigation
Update to version 4.13.17, 4.14.12, 4.15.5 or later.

Reference
https://172.20.10.10/cve/CVE-2022-0336

5 - CVE-2021-44224

Issue
Apache HTTP Server is prone to multiple vulnerabilities.

Impact
Installed version: 2.4.29
Fixed version: 2.4.52
Installation path / port: 80/tcp

Mitigation
Update to version 2.4.52 or later.

Reference
https://172.20.10.10/cve/CVE-2021-44224

Medium

1- CVE-2021-3670
Issue
Samba is prone to an unspecified vulnerability.

Impact
Installed version: 4.7.6
Fixed version: 4.14.13
Installation path / port: 445/tcp
Mitigation
Update to version 4.14.13, 4.15.6 or later.

Reference
https://172.20.10.10/cve/CVE-2021-3670

2- CVE-2020-10760

Issue
Samba is prone to two use-after-free vulnerabilities.

Impact
Installed version: 4.7.6
Fixed version: 4.10.17
Installation path / port: 445/tcp

Mitigation
Update to version 4.10.17, 4.11.11, 4.12.4 or later.

Reference
https://172.20.10.10/cve/CVE-2020-10760

3- CVE-2018-16851

Issue
Samba is prone to multiple denial of service (DoS) vulnerabilities.

Impact
Installed version: 4.7.6
Fixed version: 4.7.12
Installation path / port: 445/tcp

Mitigation
Update to version 4.7.12, 4.8.7, 4.9.3 or later.

Reference
https://172.20.10.10/cve/CVE-2018-16851
4 - CVE-2019-6109
Issue
Samba is prone to an information disclosure vulnerability.

Impact
Installed version: 7.6p1
Fixed version: 8.0
Installation

Mitigation
Update to version 8.0 or later.

Reference
https://172.20.10.10/cve/CVE-2019-6109

5 - CVE-2019-14870

Issue
Samba is prone to multiple vulnerabilities.
Impact
Installed version: 4.7.6
Fixed version: 4.9.17
Installation path / port: 445/tcp

Mitigation
Update to version 4.9.17, 4.10.11, 4.11.3 or later.

Reference
https://172.20.10.10/cve/CVE-2019-14870
Low

1- CVE-2021-20316

Issue
Samba is prone to a symlink race vulnerability which can allow metadata to be read and
modified outside of the exported share.

Impact
Installed version: 4.7.6
Fixed version: 4.15.0
Installation path / port: 445/tcp

Mitigation
Update to version 4.15.0 or later.

Reference
https://172.20.10.10/cve/CVE-2021-20316

2 -CVE-2021-43566

Issue
Samba is prone to a share escape vulnerability.

Impact
Installed version: 4.7.6
Fixed version: 4.13.16
Installation path / port: 445/tcp

Mitigation
Update to version 4.13.16 or later.

Reference
https://172.20.10.10/cve/CVE-2021-43566
3- CVE-1999-0524

Issue
The remote host responded to an ICMP timestamp request.

Impact
Vulnerability was detected according to the Detection Method.

Mitigation
Various mitigations are possible:

- Disable the support for ICMP timestamp on the remote host completely.

- Protect the remote host by a firewall, and block ICMP packets passing through the firewall
in either direction (either completely or only for untrusted networks).

Reference
https://172.20.10.10/cve/CVE-1999-0524

Step 6: Final Assessment and Recommendations Based on Your
Scans and Checks

In this section, provide a final recommendation, supported by the information above, on
whether NuttyUtility should extend its network and integrate the StaticSpeed system into its
current infrastructure.
Include the following in your assessment:
- Would integrating this network into the extended network of our company bring new risks
and exposures?
- If it would be a risk to NuttyUtility, what recommendations would you make to mitigate
these risks before implementing the integration, and why?
- Please provide reasoning based on the proof obtained throughout your assessment.
- Remember, the Stakeholders need to decide as to whether or not to complete this
integration now.

Integrating these systems would result in major security risks because they have open
ports, and packages and patches that have not been installed, which attackers can exploit. In order
to integrate the systems, all the required patches should be installed, unused ports
should be closed, guest users should be removed from the configurations, and all the CIS
benchmarks related to each machine should be implemented to strengthen the security of these systems and reduce
the attack surface. Moreover, installing patches and assessing the configuration of the
systems should be an ongoing process to determine the severity of
the risks that NuttyUtility would face as new vulnerabilities are revealed.

In conclusion, these systems should not be integrated because they are highly vulnerable,
but mitigations can be implemented to secure them so that they can then be integrated,
such as (i) updating the systems, (ii) closing unnecessary open ports, (iii) adjusting the
configuration, removing the guest accounts from it and implementing the CIS benchmarks, and (iv) enforcing
password complexity.
